Ian Clark, Vice President, API Management, CA Technologies
The potential of PSD2 is already under investigation from industries across the board since coming into effect in January 2018. From aviation to retail, the ability to change the customer experience through more integrated services is an attractive proposition.
While GDPR looks to ringfence consumer privacy, PSD2 conversely looks to unleash the banking and payments sector, allowing third-party access to customer data. The combination is a potent legislative cocktail that will challenge banks and fintech companies as the European Union (EU) looks to actively enforce data protection rules while fostering a more open and competitive financial marketplace.
Both are the subject of much debate. But in this article, I want to explore PSD2, what it means for the financial community and the steps that must be taken in the lead-up to this pivotal year.
Refreshing the original payments legislation
PSD2 was enacted to update the original Payment Services Directive and was proposed by the European Commission in 2013. But it wasn’t until January 2018 that 28 EU member states transposed the provisions of PDS2 into national law.
PSD2 has the potential to revolutionise the way we make digital payments. It allows consumers to have the option of using third-party providers to manage their financial assets. It takes us from a ‘monolithic model’, where consumers interact primarily with just a single bank to a ‘banking platform model’ where consumers have the option of leveraging multiple services from multiple financial service providers and banks.
The regulation looks to level the playing field, creating a single integrated payment services market with uniform approaches for both banks and the emerging payments and fintech companies. It will further free the market by removing barriers to entry for new operators. The regulation does this by strengthening uniform security for all stakeholders, unlocking the opportunity for new payment services, ensuring transparency and promoting market competition through innovation.
Educating the consumer
Poised to be hugely beneficial for consumers, PSD2 allows for faster payments and makes strong customer authentication mandatory. With consumers demanding access to all their banking services across every digital channel, whenever and wherever they are, this regulation gives the financial services market the chance to properly respond and deliver on those expectations.
Even though the law is now in place, many consumers will be unaware of how they can take advantage of it. Banks need to take the lead on educating the public on the potential implications that the regulations will have for them, allaying their concerns around data protection. Without effective communication, banks risk losing the trust of their customer base. Those that get it right could gain a competitive advantage here.
Realising the business opportunity
From a business perspective, PSD2 enables the industry to be more open, innovative and collaborative. But financial services companies must grasp that opportunity with both hands. With this in place, banks and fintech providers can partner to develop innovative new services that were not previously possible. However, the larger banks need to ensure that they are receptive to this change and become more open to sharing data and insights with fintech companies, or they could be left behind.
As with all modern data issues, implementing new technologies is crucial here and banks are turning to the latest enterprise software to make them more agile ahead of the PSD2 deadline.
Here are two examples of how organisations may encounter the Directive and recommended tools to help meet and surpass key requirements of stronger authentication, for open secure communications:
- Issue: Online banking security
Solution: Advanced authentication: Advanced authentication is a flexible and scalable solution that incorporates both risk-based authentication methods, like device identification, geolocation and user activity, as well as a wide variety of multi-factor, strong authentication credentials. This solution allows financial organisations to create a layered, strong authentication process to ensure that only legitimate users gain access to their accounts and payment services
- Issue: Account access and API security
Solution: API management: Application programming interfaces (APIs) provide the connectivity to meet PSD2’s open communications demands and requirements (e.g. Third-Party Provider, TPP and Access to Account, XS2A). API management provides the capabilities financial organisations need to address new digital transformation challenges. This platform secures the open enterprise, providing a secure integration capability across apps, devices, and businesses
The introduction of PSD2 this year, along with the impending GDPR, will certainly bring disruption to the financial services market. However, this must be viewed as an exciting opportunity for businesses to re-evaluate their proposition to today’s consumer – and collaborate across the industry better to deliver new exciting innovative services. Companies need a standards-based PSD2 platform that is ready for what 2018 will bring, yet sufficiently flexible to adapt to the evolving regulatory and business needs of Open Banking that the market will demand.
If banks and fintech companies respond appropriately to these regulatory changes, a hugely positive shift for the market can be triggered, resulting in a far more consumer-centric operating model.